Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Adb Assistant

v1.0.0

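ADB smart assistant. Retrieves in-vehicle ADB debugging commands through natural-language queries. Integrates an AI Q&A interface and supports ADB command lookup, execution guidance, and a quick reference of common commands. Suitable for: ADB debugging, head-unit debugging, in-vehicle system debugging, adb shell command lookup, and similar scenarios.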

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the instructions: the skill queries an AI service for ADB commands and can optionally run adb locally. It does not request unrelated credentials or system-wide access.
! Instruction Scope
SKILL.md instructs the agent to send user queries (and a user_id) to a hard-coded AI endpoint (http://test.xui.xiaopeng.local:8009/ai/v1/chat_query). It also offers optional direct execution of commands via adb shell. While it includes safety notes (confirm destructive/vehicle-control commands), the skill will still transmit potentially sensitive queries and vehicle-control intent to an unknown host and may use a default user_id if none provided.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk by the package itself (lowest install risk).
Credentials
The skill declares no required environment variables or credentials, which is proportionate. However, it depends on network access to an internal/undocumented AI service and may send identifying data (user_id) and device/command context — a privacy/safety concern even without explicit credential requests.
Persistence & Privilege
Does not request always:true, has no install hooks, and does not attempt to modify other skills or system config. Autonomous invocation is allowed by platform default, but that is not unique to this skill.
What to consider before installing
Before installing or using this skill:
- Treat the AI endpoint (http://test.xui.xiaopeng.local:8009) as untrusted unless you can verify its operator; using the skill will send your queries (and possibly a user_id) to that host.
- Do not send sensitive vehicle credentials, VINs, or private data in queries. Consider redacting or anonymizing user_id.
- Avoid enabling autonomous or unattended execution. Require explicit user confirmation before any adb shell execution, and especially before any vehicle-control commands (doors, engine, windows, factory reset).
- Test in a safe environment (non-production vehicle or emulator) before running commands on real hardware.
- If you cannot verify the AI service owner, prefer using the included reference/common-commands.md offline as a local reference or modify the skill to point to a trusted AI endpoint you control.
